<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
  <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/openredirect.css}" />

  <div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/openredirect/documentation/OpenRedirect_Intro.adoc}"></div>
  </div>

  <div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/openredirect/documentation/OpenRedirect_Explained.adoc}"></div>
  </div>

  <!-- Task 1 -->
  <div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/openredirect/documentation/OpenRedirect_Task1.adoc}"></div>
    <div class="attack-container">
      <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
      <form class="attack-form" method="POST" th:action="@{/OpenRedirect/task1}">
        <label for="t1url">Return URL</label>
        <input id="t1url" name="url" placeholder="https://evil.test" value="/home" size="60" />
        <button type="submit">Simulate Redirect</button>
        <div class="tiny-hint">Provide an absolute external URL using http or https.</div>
      </form>
      <div class="attack-feedback"></div>
      <div class="attack-output"></div>
    </div>
  </div>

  <div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/openredirect/documentation/OpenRedirect_Task2.adoc}"></div>
    <div class="attack-container">
      <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
      <form class="attack-form" method="POST" th:action="@{/OpenRedirect/task2}">
        <label for="t2url">Return URL (substring filter active)</label>
        <input id="t2url" name="url" placeholder="https://webgoat.org.evil.com" size="60" />
        <button type="submit">Simulate Redirect</button>
      </form>
      <div class="attack-feedback"></div>
      <div class="attack-output"></div>
      <div class="note">The filter only checks if the supplied URL contains the substring 'webgoat'.</div>
    </div>
  </div>

  <div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/openredirect/documentation/OpenRedirect_Task3.adoc}"></div>
    <div class="attack-container">
      <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
      <form class="attack-form" method="POST" th:action="@{/OpenRedirect/task3}">
        <label for="t3target">Target URL</label>
        <input id="t3target" name="target" placeholder="https://webgoat.local@evil.com" size="55" />
        <label for="t3token">Tracking Token</label>
        <input id="t3token" name="token" value="abc123" size="15" />
        <button type="submit">Simulate Redirect</button>
      </form>
      <div class="attack-feedback"></div>
      <div class="attack-output debug-block"></div>
    </div>
  </div>

  <div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/openredirect/documentation/OpenRedirect_Task4.adoc}"></div>
    <div class="attack-container">
      <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
      <form class="attack-form" method="POST" th:action="@{/OpenRedirect/task4}">
        <label for="t4target">Target URL (double-encoded)</label>
        <input
          id="t4target"
          name="target"
          placeholder="Double-encoded target URL (e.g. https://example%2540attacker.test)"
          size="60"
        />
        <button id="task4-autofill" type="button" data-sample="https://webgoat.local%2540evil.com">
          Autofill sample
        </button>
        <button type="submit">Simulate Redirect</button>
      </form>
      <div class="attack-feedback"></div>
      <div class="attack-output debug-block"></div>
    </div>
  </div>

  <div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/openredirect/documentation/OpenRedirect_TokenLeakExamples.adoc}"></div>
  </div>
  <div class="lesson-page-wrapper">
      <div class="adoc-content" th:replace="~{doc:lessons/openredirect/documentation/OpenRedirect_Token_Mitigations.adoc}"></div>
  </div>


  <!-- Quiz Section -->
  <div class="lesson-page-wrapper">
    <span id="quiz_id" data-quiz_id="openredirect"></span>
    <link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}" />
    <script th:src="@{/js/quiz.js}" language="JavaScript"></script>
    <link rel="import" type="application/json" th:href="@{/lesson_js/questions_openredirect.json}" />
    <div class="adoc-content" th:replace="~{doc:lessons/openredirect/documentation/OpenRedirect_Quiz.adoc}"></div>
    <div class="attack-container">
      <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
      <div class="container-fluid">
        <form id="quiz-form" class="attack-form" method="POST" th:action="@{/OpenRedirect/quiz}" role="form">
          <div id="q_container"></div>
          <br />
          <input name="Quiz_solutions" value="Submit answers" type="SUBMIT" />
        </form>
      </div>
      <div class="attack-feedback"></div>
      <div class="attack-output"></div>
    </div>
  </div>

  <div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/openredirect/documentation/OpenRedirect_Prevent.adoc}"></div>
    <div class="attack-container">
      <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
      <!-- Mitigation verification assignment -->
      <form class="attack-form" method="POST" th:action="@{/OpenRedirect/mitigation}">
        <label for="mitigationUrl">External URL to test mitigation</label>
        <input id="mitigationUrl" name="url" placeholder="https://evil.test" size="60" />
        <button type="submit">Test Mitigation</button>
        <div class="tiny-hint">Try an absolute external URL (http/https) that is NOT an internal host.</div>
      </form>
      <!-- Existing safe redirect demonstration (non-scored) -->
      <h4>Prevention Patterns</h4>
      <form method="GET" th:action="@{/OpenRedirect/safe}">
        <label for="destId">Safe Destination ID</label>
        <input id="destId" name="destId" value="1" size="4" />
        <button type="submit">Safe Redirect</button>
        <span class="tiny-hint">Use strict allow lists, canonical host comparison, and server-side mapping of destination ids.</span>
      </form>
      <p>
        <small>Also experiment with a real (unsafe) redirect: <code>/OpenRedirect/realRedirect?url=https://example.com</code></small>
      </p>
      <div class="attack-feedback"></div>
      <div class="attack-output"></div>
    </div>
  </div>
  <!-- include task4 helper script -->
  <script th:src="@{/lesson_js/openredirect-task4.js}" language="JavaScript"></script>
</html>
